Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Forbid using CRLF in the reg. code (bsc#1111419) #400

Merged
merged 2 commits into from
Oct 11, 2018
Merged

Forbid using CRLF in the reg. code (bsc#1111419) #400

merged 2 commits into from
Oct 11, 2018

Conversation

lslezak
Copy link
Member

@lslezak lslezak commented Oct 11, 2018

  • Forbid using CRLF in the reg. code they cannot be included in the registration code
  • The code is sent in the HTTP header which does not allow using CRLF, it is used as header field separator.
  • Normally you cannot enter a new line character into the input field but you can copy & paste it by mistake with the registration code
  • 3.2.17

registration-crlf

@lslezak
Forbid using CRLF in the reg. code (bsc#1111419)
ac42f95 
they cannot be included in the registration code

- 3.2.17
@coveralls
Copy link

coveralls commented Oct 11, 2018
edited
Loading

Coverage Status

Coverage increased (+0.03%) to 63.697% when pulling 66b4102 on cr_lf into 4a549ac on SLE-12-SP4.

imobachgs
imobachgs reviewed Oct 11, 2018
View reviewed changes
test/base_system_registration_dialog_test.rb Outdated
# include CRLF characters which are not allowed
let(:reg_code) { "\nmy-reg-code\r" }
it "displays error popup and does not register the system" do
expect(Yast::UI).to receive(:QueryWidget).with(:reg_code, :Value)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

np: IMHO, you are not testing this, so I would use allow here to make it clear. The same for the next two lines.

test/base_system_registration_dialog_test.rb
expect(Yast::UI).to receive(:UserInput).and_return(:next, :abort)
expect(Registration::UI::AbortConfirmation).to receive(:run).and_return(true)

expect(Yast::Report).to receive(:Error).with(/Invalid registration code/)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This (and the next line) is what you really want to test. So it is fine to use expect here.

@lslezak lslezak merged commit 1554941 into SLE-12-SP4 Oct 11, 2018
@lslezak lslezak deleted the cr_lf branch October 11, 2018 15:28
@yast-bot
Copy link
Contributor

✔️ Internal Jenkins job #6 successfully finished
✔️ Created IBS submit request #174492

@lslezak lslezak mentioned this pull request Oct 11, 2018
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@imobachgs imobachgs imobachgs approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@lslezak @coveralls @yast-bot @imobachgs